Juniper Patches Critical Third-Party Flaws Across Product Portfolio
Juniper Networks has shipped security patches to cover numerous vulnerabilities across its product portfolio, including a series of critical bugs in third-party software used in the company's products.
The most important of the vulnerabilities is CVE-2021-0276, a stack-based buffer overflow in Juniper Networks SBR Carrier with EAP. An attacker could exploit it by sending specific packets to cause a denial of service condition or to execute code remotely, Juniper warned in an advisory.
Juniper Networks also released patches for high-severity vulnerabilities in Junos OS and Junos OS Evolved that could lead to Denial of Service, remote code execution, local privilege escalation, or traffic loss.
Juniper Networks published several advisories to announce the release of fixes for multiple vulnerabilities that affect third-party software used in its products.
Junos Space 21.2R1 patches this bug and 34 other vulnerabilities, including another critical flaw, several high-severity issues, and multiple medium-risk ones.
By updating third-party software, Juniper Networks also patched critical vulnerabilities in Juniper Contrail Insights, CTPView, and Contrail Networking, as well as high-severity bugs in Secure Analytics, Junos OS, and Junos OS Evolved.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-15 | CVE-2021-0276 | Out-of-bounds Write vulnerability in Juniper Steel-Belted Radius Carrier 8.4.1/8.5.0/8.6.0. A stack-based buffer overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured allows an attacker to send specific packets that cause the radius daemon to crash, resulting in a Denial of Service (DoS) or leading to remote code execution (RCE). | 0.0 |